Bugtraq mailing list archives

Re: Security Info (root broken)


From: mark () netsys com (Mark)
Date: Sat, 8 Oct 1994 13:33:21 -0700 (PDT)


   >> This was a new
   >> install, and it lasted about 4 days.   One person heard thru the cracker
   >> grapevine that root was broken thru /bin/mail.

   P> Did you happen to install the following, in particular 101436-02?

   P> Solaris 1.1.1 Patches Containing Security Fixes:
   P> ------------------------------------------------

   P> 101436-02   SunOS 4.1.3_U1: bin/mail jumbo patch

This is the patch which made the race condition *easier* to exploit
than it was in the unpatched version.

I don't know about you guys but having used and proved all of the binmail
exploit scripts the quick and dirty fix for them is to put this in rc.local:

/bin/touch /usr/spool/mail/root
/bin/touch /usr/spool/mail/sysdiag
/bin/touch /usr/spool/mail/sundiag
/bin/touch /usr/spool/mail/[any other uid 0 acct]

It closes the need-a-root-owned-mbox problem. There are other additions
for rc.local to close more bugs, but let's wait the usual six months :)

Cheers,
Mark
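
The rc.local lines in the message above, generalised as an added example (not part of Mark's post): it reads the uid 0 accounts from the passwd file instead of listing them by hand, skips NIS `+`/`-` entries, and reports any mailbox path that is not a regular file rather than touching it. The function names, the `--apply` switch, the 077 umask and the status words are assumptions of this example.

```shell
#!/bin/sh
# Added example: pre-create a spool mailbox for every uid 0 account,
# as the post does by hand with /bin/touch in rc.local.

# Print login names whose uid field (3rd) is 0. The name pattern drops
# NIS compat lines such as "+::0:0:::" and anything containing "/".
uid0_accounts() {
    awk -F: '$3 == 0 && $1 ~ /^[A-Za-z0-9_][A-Za-z0-9_.-]*$/ { print $1 }' "$1"
}

# ensure_root_mboxes [PASSWD] [SPOOL]
# Prints one status line per uid 0 account:
#   created NAME   mailbox was missing and has been created
#   present NAME   a regular file was already there
#   suspect NAME   path exists but is a symlink, directory, device, ...
ensure_root_mboxes() {
    passwd=${1:-/etc/passwd}
    spool=${2:-/usr/spool/mail}      # spool path used in the post
    uid0_accounts "$passwd" | while IFS= read -r name; do
        mbox=$spool/$name
        if [ -L "$mbox" ] || { [ -e "$mbox" ] && [ ! -f "$mbox" ]; }; then
            # Leave it alone: touch would follow a symlink.
            echo "suspect $name"
        elif [ -f "$mbox" ]; then
            echo "present $name"
        else
            # umask 077 is this example's choice, not from the post.
            (umask 077; touch "$mbox") && echo "created $name"
        fi
    done
}

# Only act on the live system when asked to (hypothetical switch).
if [ "${1:-}" = "--apply" ]; then
    ensure_root_mboxes
fi
```

Any `suspect` line is worth looking at by hand before the file is replaced, since the mailbox was supposed to be either absent or a plain file.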


